Adult Friend Finder would no doubt love the opportunity to roll back the calendar to at least early 2015.
After suffering a security breach in mid-2015 in which sensitive data belonging to nearly four million people was compromised, we’ve now learned of a second breach targeting not only the Adult Friend Finder website but several of the entertainment company’s other sites and services.
Breach notification site LeakedSource said it has verified that 339,774,493 AdultFriendFinder.com accounts were compromised last month. Data belonging to 62,668,630 Cam.com users, 7,176,877 Penthouses.com users, 1,423,192 Stripshow.com users and 1,135,731 iCams.com users was also exposed, as were 35,372 users from unknown domains.
In total, 412,214,295 accounts with data representing 20 years of customer activity were affected by the mega breach, making it the largest hack of 2016 and the largest that LeakedSource personally has ever seen. A local file inclusion exploit reportedly gave the hacker(s) a way into the network.
LeakedSource further notes that a significant number of users on file had an e-mail address in the format firstname.lastname@example.org@deleted1.com. This almost certainly indicates that Adult Friend Finder held onto account records even after members deleted their accounts. There were more than 15 million of these “deleted” accounts associated with AdultFriendFinder.com, the publication claims.
Passwords for FriendFinder Network Inc. sites were stored either in plain visible format or as SHA1 hashes (peppered), with the hashed passwords seemingly converted to all lowercase before storage. As a result, LeakedSource says 99.0 percent of all available passwords have been cracked and are visible in plaintext.
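To make the storage weakness concrete, the following added example (not code from FriendFinder Network or LeakedSource) puts the scheme as described above beside a salted, memory-hard alternative. The pepper value, its placement before the password, the sample passwords and the scrypt parameters are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

# Assumption: a constructed site-wide pepper; the real value and how it was
# combined with the password are not given in the article.
PEPPER = b"constructed-site-wide-pepper"

def weak_store(password: str) -> str:
    """Scheme as the article describes it: lowercase, then one peppered SHA-1."""
    return hashlib.sha1(PEPPER + password.lower().encode()).hexdigest()

def bits_lost_to_lowercasing(length: int) -> float:
    """Entropy removed from a random alphanumeric password by case folding.

    62 symbols (a-z, A-Z, 0-9) collapse to 36 (a-z, 0-9).
    """
    return length * (math.log2(62) - math.log2(36))

def strong_store(password: str) -> bytes:
    """Per-user random salt plus scrypt; case is preserved."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt + dk  # record layout (assumed): 16-byte salt || 32-byte key

def strong_verify(password: str, record: bytes) -> bool:
    salt, expected = record[:16], record[16:]
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

if __name__ == "__main__":
    # Constructed sample passwords that differ only in letter case.
    a, b = "Summer2016", "summer2016"
    print("weak hashes identical:", weak_store(a) == weak_store(b))
    print("bits lost at length 8: %.2f" % bits_lost_to_lowercasing(8))
    rec = strong_store(a)
    print("strong accepts exact password:", strong_verify(a, rec))
    print("strong rejects case variant:", strong_verify(b, rec))
    print("same password, different records:", strong_store(a) != rec)
```

With the weak scheme, every case variant of a password maps to one stored value and identical passwords across accounts share a hash, since a single pepper is not a per-user salt.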
One would think that after having been hacked the year before, FriendFinder Network Inc. would have taken the necessary steps to bolster security, but I digress.